1 files changed, 41 insertions, 0 deletions
diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix
new file mode 100644
index 00000000..09ff58f7
--- /dev/null
+++ b/system-profiles/openssh/default.nix
@@ -0,0 +1,41 @@
+{ customUtils, lib, config, hostName, pkgs, ... }:
+{
+  config = {
+    programs.ssh.knownHosts = lib.zipAttrsWith (_name: values: builtins.head values) (lib.mapAttrsToList (name: lib.mapAttrs' (type: value: lib.nameValuePair "${name}-${type}" value)) (customUtils.nixImport { dir = ./known-hosts; }));
+    systemd.user.services."ssh-agent".enable = lib.mkForce false; # ssh-agent should be done via home-manager
+    services.openssh = lib.mkIf config.services.openssh.enable {
+      hostKeys = [
+        { path = "/etc/ssh/ssh_host_rsa_key";
+          type = "rsa";
+        }
+        { path = "/etc/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
+    };
+    sops.secrets = lib.mkIf config.services.openssh.enable {
+      ssh_host_rsa_key = {
+          key = "rsa";
+          path = "/etc/ssh/ssh_host_rsa_key";
+          sopsFile = ./host-keys + "/${hostName}.yaml";
+      };
+      ssh_host_ed25519_key = {
+          key = "ed25519";
+          path = "/etc/ssh/ssh_host_ed25519_key";
+          sopsFile = ./host-keys + "/${hostName}.yaml";
+      };
+    };
+    environment.etc = lib.mkIf config.services.openssh.enable {
+      "ssh/ssh_host_rsa_key.pub".text = config.services.openssh.knownHosts."${hostName}-rsa".publicKey;
+      "ssh/ssh_host_ed25519_key.pub".text = config.services.openssh.knownHosts."${hostName}-ed25519".publicKey;
+    };
+    environment.systemPackages = lib.mkIf config.services.openssh.enable (with pkgs; [
+      rxvt_unicode.terminfo alacritty.terminfo
+    ]);
+  };
+}

diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix new file mode 100644 index 00000000..09ff58f7 --- /dev/null +++ b/system-profiles/openssh/default.nix
@@ -0,0 +1,41 @@
	1	{ customUtils, lib, config, hostName, pkgs, ... }:
	2	{
	3	config = {
	4	programs.ssh.knownHosts = lib.zipAttrsWith (_name: values: builtins.head values) (lib.mapAttrsToList (name: lib.mapAttrs' (type: value: lib.nameValuePair "${name}-${type}" value)) (customUtils.nixImport { dir = ./known-hosts; }));
	5
	6	systemd.user.services."ssh-agent".enable = lib.mkForce false; # ssh-agent should be done via home-manager
	7
	8	services.openssh = lib.mkIf config.services.openssh.enable {
	9	hostKeys = [
	10	{ path = "/etc/ssh/ssh_host_rsa_key";
	11	type = "rsa";
	12	}
	13	{ path = "/etc/ssh/ssh_host_ed25519_key";
	14	type = "ed25519";
	15	}
	16	];
	17	};
	18
	19	sops.secrets = lib.mkIf config.services.openssh.enable {
	20	ssh_host_rsa_key = {
	21	key = "rsa";
	22	path = "/etc/ssh/ssh_host_rsa_key";
	23	sopsFile = ./host-keys + "/${hostName}.yaml";
	24	};
	25	ssh_host_ed25519_key = {
	26	key = "ed25519";
	27	path = "/etc/ssh/ssh_host_ed25519_key";
	28	sopsFile = ./host-keys + "/${hostName}.yaml";
	29	};
	30	};
	31
	32	environment.etc = lib.mkIf config.services.openssh.enable {
	33	"ssh/ssh_host_rsa_key.pub".text = config.services.openssh.knownHosts."${hostName}-rsa".publicKey;
	34	"ssh/ssh_host_ed25519_key.pub".text = config.services.openssh.knownHosts."${hostName}-ed25519".publicKey;
	35	};
	36
	37	environment.systemPackages = lib.mkIf config.services.openssh.enable (with pkgs; [
	38	rxvt_unicode.terminfo alacritty.terminfo
	39	]);
	40	};
	41	}